Complex Healthcare Systems in the Modern Social Engineering Landscape: The Human Factors of System Survivability

Publication Date

2-25-2026

Document Type

Article

Publication Title

Handbook of Human Factors in Cybersecurity Systems A Human Centered Approach

DOI

10.1201/9781003413707-8

First Page

144

Last Page

165

Abstract

This chapter explores the growing cybersecurity risks associated with the integration of social media into both personal and professional domains, with a particular focus on healthcare. Social media platforms, which have become deeply embedded in everyday life, offer malicious actors extensive access to sensitive information, making social engineering tactics, such as phishing, increasingly effective. Despite the recognition of social media as a threat vector, many healthcare systems remain vulnerable due to underdeveloped cybersecurity practices and insufficient training in cyber hygiene. Healthcare employees, particularly those on the front lines, are prime targets due to the high-stress, high-workload environments in which they operate, which impair their ability to detect and respond to cyber threats. Moreover, factors such as fatigue, stress, and organizational culture further heighten vulnerability. This chapter examines case studies of successful social engineering attacks on healthcare organizations, highlighting the ease with which attackers exploit publicly available social media data. It argues for the urgent need to design robust cybersecurity systems and human-centered solutions to improve detection and resilience against such attacks, ensuring a safer healthcare environment in the face of evolving cyber threats. Incorporating the system survivability framework into healthcare systems necessitates a holistic understanding of both the technical and human elements that define the system's resilience to threats. The human factors component of system performance is critical for ensuring that staff members can both prevent and respond to cybersecurity threats effectively. Staff behavior, training, and cognitive capabilities play a central role in the system's ability to preemptively mitigate risks, detect ongoing attacks, and adapt to evolving threats. Human-centric cybersecurity models, such as the user-reflective mitigation approach, stress the importance of developing staff awareness and vigilance against social engineering tactics that exploit human error. While systems can be designed to withstand and recover from attacks, their vulnerability often lies within the human interaction with technology. As such, organizations must design systems that integrate human capabilities and limitations into their security frameworks. This includes creating environments where employees can quickly recognize and respond to threats and ensuring that the system's design supports rapid recovery with minimal disruption. This dual focus on technical and human factors increases a system's robustness, reducing the likelihood of catastrophic failure when under threat. Furthermore, the process of recovery is not limited to merely returning to operational status after an attack. It is an ongoing feature of resilient system design, with built-in flexibility that allows systems to continue functioning even in degraded states. In healthcare, this means that frontline workers are equipped to make critical decisions when faced with limited access to information due to cyber disruptions. For instance, in the case of a hospital under attack, clinical teams can rely on non-digital processes to continue patient care, demonstrating the importance of training staff for adaptability. Ultimately, survivability in complex healthcare systems depends not only on preventing threats and mitigating their impact but also on fostering a culture of readiness and resilience through staff engagement, system adaptability, and continuous improvement in security strategies. This integrated approach ensures that healthcare organizations can maintain operational integrity even in the face of cybersecurity challenges.

Department

Psychology; Library

Link to Full Text

Share

COinS